Using Nginx Proxy Manager on Unraid


“My First Unraid Server” (5 Part Series)
  1. My First Unraid Server
  2. Essential Unraid Apps
  3. My Unraid Settings
  4. How I Use Home Assistant on Unraid
  5. Using Nginx Proxy Manager on Unraid

Nginx Proxy Manager (NPM) is a great tool for exposing your internal services through a custom domain instead of their IP address. Instead of accessing http://192.168.178.32:3001 I can go to https://emby.mydomain.com and will be routed to my local Emby server — with free Let’s Encrypt SSL certificates as a nice bonus. I want to share how I personally use NPM on Unraid.

Three important notes before we start:

  • I do not use NPM to help me expose my local services to the internet; I only access my home network through a VPN. Many others show port forwarding but I don’t want to do that.
  • I use a Fritz!Box router which has some quirks when it comes to internal networks. Some of the things explained here might not apply to you if you use a Unifi router, etc.
  • I’ve changed quite a few default settings; I’d definitely recommend watching a general installation guide for NPM in parallel to this post, as I’m trying to explain the solutions to my specific problems and not how to set up NPM in general.

Installation

Install Nginx Proxy Manager (NPM) Official through the Community Applications. They have great debugging instructions for common problems.

During setup I set the Network Type to Host and left the other options as-is.

Network setup

I had problems with my router and internal resolution, so I adjusted a few defaults:

  • In Settings > Management Access I set the HTTP port to 5000 and HTTPS port to 5001
  • In Settings > Docker I updated these options:
    • Docker custom network type: ipvlan
    • Host access to custom networks: Enabled
    • Preserve user defined networks: Yes

I set up a custom Docker network and use it for all Docker containers except NPM. By changing the stock ports of Unraid, the internal IP address of the server points directly to NPM.

DNS resolution

Inside Cloudflare (where I bought my domain) I added two DNS records:

  • A record for mydomain.com pointing to my internal IP address (the Container IP shown for NPM in Unraid)
  • CNAME record for * pointing to mydomain.com (DNS only, no proxy)

Using NPM

Now that everything is set up, you can go to NPM and configure some Proxy Hosts. Before adding them though, you should first set up an SSL certificate. Navigate to the SSL Certificates tab and select Add SSL Certificate. Choose Let’s Encrypt. You’ll get a modal where you enter your domain and email address. I had success choosing Use a DNS Challenge in the past, but it might vary based on your setup.

If everything went smoothly you now have SSL certificates for *.mydomain.com and mydomain.com. Switch to the Hosts > Proxy Hosts tab and press Add Proxy Host.

A new modal opens. I typically enter these settings:

  • Domain Names: subdomain.mydomain.com
  • Scheme: http
  • Forward Hostname / IP: Look at the LAN IP:Port column in Unraid’s docker tab and enter the values here
  • Enable Websockets Support
  • SSL
    • SSL Certificate: Select the certificate you created in the previous step
    • Force SSL: Enabled
    • HTTP/2 Support: Enabled
    • HSTS Enabled

Fritz!Box specific problems

I followed all these steps the first time I added NPM and it didn’t work! I couldn’t figure out why until I found a forum post online that solved my problem. Here’s what I needed to change in my Fritz!Box router:

Inside Home Network > Network > Network Settings I had to change the DNS-Rebind-Protection setting. I added mydomain.com to the list of allowed domains and then everything worked as expected.

Fritz!Box doesn’t allow DNS resolution of domain names that point to private IPs to protect against DNS rebinding attacks. That’s why NPM didn’t work out of the box for me.
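A simplified model of that filter, added here as an example (it is not from the original post and is not the Fritz!Box's own implementation), shows why the A record for an internal IP is dropped until the domain is on the exception list. The function names, the sample addresses and the rule that an exception covers the listed name and all of its subdomains are assumptions.

```python
import ipaddress

# Constructed sample data using the post's placeholder names.
ALLOWED_DOMAINS = {"mydomain.com"}  # models the router's rebind exception list


def is_internal(addr: str) -> bool:
    """True for addresses a rebind filter treats as inside the LAN."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 answer (::ffff:192.168.x.x) is judged by its IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local


def is_exempt(qname: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Match a listed domain or any subdomain of it, on a label boundary only."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowed)


def filter_answers(qname: str, answers: list[str], allowed=ALLOWED_DOMAINS) -> list[str]:
    """Return the A/AAAA answers a rebind-protecting resolver would pass on."""
    if is_exempt(qname, allowed):
        return list(answers)  # exception: internal answers are let through
    return [a for a in answers if not is_internal(a)]


if __name__ == "__main__":
    # Without an exception the internal answer is stripped, so the name fails to resolve.
    print(filter_answers("emby.mydomain.com", ["192.168.178.32"], allowed=set()))
    # With mydomain.com listed, the same answer is delivered to the client.
    print(filter_answers("emby.mydomain.com", ["192.168.178.32"]))
    # A lookalike name is not covered by the exception.
    print(filter_answers("emby.notmydomain.com", ["192.168.178.32"]))
```

In this model the exception switches the protection off for every name under the listed domain, so the list should contain only domains whose DNS records you control.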

With NPM set up, all my services are now accessible via clean subdomains over HTTPS — no port numbers to remember.